© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Naikon APT campaign goes undetected for five years

by Emma Woollacott
15 May 2020
in News

An espionage campaign uncovered by Israeli cybersecurity company Check Point shows just how persistent advanced threat groups can be.

Back in 2015, cybersecurity firms ThreatConnect and Defense Group investigated the Naikon APT group, which had been targeting government agencies in a number of countries around the South China Sea, as well as international organisations such as the United Nations Development Programme and the Association of Southeast Asian Nations. 

The firms linked the group to a specific unit of the Chinese People’s Liberation Army (PLA), Army Unit 78020, and even to a particular individual involved. After their research was published, the group appeared to go quiet.

Five years on, though, Naikon is back in the spotlight, with techniques more sophisticated than before, says Check Point. In a campaign believed to have been running ever since the previous investigation, it has been targeting Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei using ‘stepping-stone’ attacks.

New backdoor detected

According to Check Point, Naikon has now been using a new backdoor named Aria-body, allowing it to take control of victims’ networks and copy, delete or create files. 

In some cases, it’s deployed an RTF file utilizing the RoyalRoad weaponizer; in others, it’s been using archives with a legitimate executable that sideloads a malicious DLL to deliver the payload, or else a malware dropper. 
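The DLL side-loading delivery described above (a legitimate, often signed executable shipped in an archive next to a malicious DLL that it loads by name) leaves a footprint in image-load telemetry. The following Python is an added example, not code from the article or from Check Point's research: a heuristic that scores Sysmon-style image-load records (Event ID 7) and flags a DLL that a process loads from its own user-writable directory, is unsigned, and carries the name of a library normally loaded from a Windows system directory. The log lines, paths, user name and key=value layout are constructed for this example; real Sysmon output is XML or JSON and would need a different parser.

```python
"""Heuristic DLL side-loading detector over constructed Sysmon-style records.

Added example: not from the Cybernews article or Check Point. Field names
(EventID, Image, ImageLoaded, Signed, SignatureStatus) mirror Sysmon Event ID 7,
but the records themselves, paths and user name are made up for illustration.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample log: one image-load record per line, key=value pairs.
SAMPLE_LOG = """\
EventID=7 Image=C:\\Windows\\System32\\notepad.exe ImageLoaded=C:\\Windows\\System32\\kernel32.dll Signed=true SignatureStatus=Valid
EventID=7 Image=C:\\Windows\\System32\\notepad.exe ImageLoaded=C:\\Windows\\System32\\version.dll Signed=true SignatureStatus=Valid
EventID=7 Image=C:\\Users\\alice\\Downloads\\report\\viewer.exe ImageLoaded=C:\\Users\\alice\\Downloads\\report\\viewer.exe Signed=true SignatureStatus=Valid
EventID=7 Image=C:\\Users\\alice\\Downloads\\report\\viewer.exe ImageLoaded=C:\\Users\\alice\\Downloads\\report\\version.dll Signed=false SignatureStatus=Unavailable
EventID=7 Image=C:\\Users\\alice\\Downloads\\report\\viewer.exe ImageLoaded=C:\\Windows\\System32\\user32.dll Signed=true SignatureStatus=Valid
EventID=7 Image=C:\\Program Files\\Vendor\\app.exe ImageLoaded=C:\\Program Files\\Vendor\\helper.dll Signed=true SignatureStatus=Valid
"""

# Assumption: a simplified allowlist of directories Windows loads its own
# libraries from, and path markers that indicate user-writable locations.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
ALERT_THRESHOLD = 3  # arbitrary cut-off chosen for this example


@dataclass
class Finding:
    loader: str
    dll: str
    score: int
    reasons: List[str] = field(default_factory=list)


def parse_record(line: str) -> Dict[str, str]:
    """Split 'key=value key=value' into a dict; values may contain spaces."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line.strip()))


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def system_dll_names(records: List[Dict[str, str]]) -> Set[str]:
    """Learn, from the log itself, which DLL names are served from system dirs."""
    return {
        ntpath.basename(r["ImageLoaded"]).lower()
        for r in records
        if r.get("EventID") == "7" and in_system_dir(r.get("ImageLoaded", ""))
    }


def detect_sideloading(log_text: str) -> List[Finding]:
    """Score every DLL load outside system directories and return the suspicious ones."""
    records = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    known_system_names = system_dll_names(records)
    findings: List[Finding] = []
    for r in records:
        if r.get("EventID") != "7":
            continue
        loader, dll = r["Image"], r["ImageLoaded"]
        # Skip the process's own image and non-DLL loads; system-dir loads are baseline.
        if dll.lower() == loader.lower() or not dll.lower().endswith(".dll") or in_system_dir(dll):
            continue
        score, reasons = 0, []
        if ntpath.dirname(dll).lower() == ntpath.dirname(loader).lower():
            score += 1
            reasons.append("loaded from the executable's own directory")
        if any(m in dll.lower() for m in USER_WRITABLE_MARKERS):
            score += 1
            reasons.append("user-writable location")
        if r.get("Signed", "").lower() != "true":
            score += 1
            reasons.append("unsigned")
        if ntpath.basename(dll).lower() in known_system_names:
            score += 2
            reasons.append("name matches a library normally loaded from a system directory")
        if score >= ALERT_THRESHOLD:
            findings.append(Finding(loader, dll, score, reasons))
    return findings


if __name__ == "__main__":
    for f in detect_sideloading(SAMPLE_LOG):
        print(f"{f.loader} loaded {f.dll} (score {f.score}): {', '.join(f.reasons)}")
```

On the constructed sample only the unsigned `version.dll` sitting beside `viewer.exe` in the Downloads folder is flagged; the vendor helper DLL in Program Files scores one point and stays below the threshold. The name-collision rule learns its list from the log rather than from a hardcoded table, so it adapts to whatever libraries the monitored hosts actually load.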

And after gathering data, files and contacts, it launches attacks from one of the breached entities to try to infect another.

“This includes not only locating and collecting specific documents from infected computers and networks within government departments, but also extracting data from removable drives, taking screenshots and keylogging, and of course harvesting the stolen data for espionage,” says the team. 

“And if that wasn’t enough, to evade detection when accessing remote servers through sensitive governmental networks, the group compromised and used servers within the infected ministries as command and control servers to collect, relay and route the stolen data.”

In fact, the group could have remained under the radar for even longer, had it not made a mistake. Check Point was alerted to the campaign when it spotted a malicious email sent from a government embassy in the Asia Pacific region to the government of Western Australia. It was only when the wrong email address was used and the email bounced back that the attack was discovered.

Campaigns run undetected

Only last month, researchers at BlackBerry uncovered five separate APT groups with ties to the Chinese government that, they say, had been exploiting Linux servers for eight years.

As John McClurg, Blackberry’s chief information security officer points out, “This research paints a picture of an espionage effort targeting the very backbone of large organizations’ network infrastructure that is more systemic than has been previously acknowledged.” 

This, together with Check Point’s new discovery, raises the question of just how many other undetected campaigns Chinese actors may be running.
